package com.botu.implicit.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

/**
 * @Author: hanzeyao
 * @Date: 2020/2/19 14:50
 * @Description:
 */
@Configuration
@EnableAuthorizationServer //开启授权服务
public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        //允许表单提交
        security.allowFormAuthenticationForClients()
                //参数与security访问控制一致
                .checkTokenAccess("permitAll()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client") //client端唯一标识
                .authorizedGrantTypes("implicit") //授权模式标识
                .accessTokenValiditySeconds(120) //访问令牌的有效期，这里设置120s
                .scopes("app") //作用域
                .resourceIds("resource1") //资源id
                .redirectUris("https://www.baidu.com") //回调地址
                .and()
                .withClient("resource-server") //资源服务器校验token时用的客户端信息，仅需要client_id与密码
                .secret(passwordEncoder.encode("test"));
    }
}
